Sync Latest - 12/6/19 (#27)

- miTLS support (Windows)
- Tools fixes
- Tests fixes

.azure/run_linux.sh → .azure/test_linux.sh

@@ -13,6 +13,7 @@ cd artifacts/dumps
 
 # Run the tests.
 ../bin/msquictest \
+    --gtest_filter=$1 \
     --gtest_output=xml:../logs/linux-test-results.xml
 
 # Copy logs to log folder (with correct permsissions).

.azure/run_windows.cmd → .azure/test_windows.cmd

@@ -1,6 +1,12 @@
 
 :: Install ProcDump if not already installed.
-PowerShell test\get_procdump.ps1
+PowerShell .azure\get_procdump.ps1
+
+:: Enable SChannel TLS 1.3 for client and server.
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v Enabled /t REG_DWORD /d 1 /f
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v Enabled /t REG_DWORD /d 1 /f
 
 :: Start ProcDump
 mkdir artifacts\dumps
@@ -19,6 +25,7 @@ netsh trace start sessionname=quic ^
 
 :: Run the tests.
 artifacts\bin\Release\msquictest.exe ^
+    --gtest_filter=%1 ^
     --gtest_output=xml:artifacts\logs\windows-test-results.xml
 
 :: Stop log collection.

.gitmodules

@@ -5,3 +5,7 @@
 	path = submodules/openssl
 	url = https://github.com/tatsuhiro-t/openssl.git
 	branch = openssl-quic-draft-24
+[submodule "submodules/everest"]
+	path = submodules/everest
+	url = https://github.com/nibanks/everest-dist.git
+	branch = pr/msquic

CMakeLists.txt

@@ -100,6 +100,8 @@ else()
     set(QUIC_CXX_FLAGS "${QUIC_COMMON_FLAGS} --std=c++17 -g -Wno-reorder -Wno-sign-compare -Wno-format")
 endif()
 
+include_directories(${CMAKE_SOURCE_DIR}/inc)
+
 if(QUIC_TLS STREQUAL "openssl")
     # Configure and build OpenSSL.
     add_custom_command(
@@ -116,7 +118,13 @@ if(QUIC_TLS STREQUAL "openssl")
         DEPENDS ${CMAKE_SOURCE_DIR}/bld/openssl/lib/libssl.so)
 endif()
 
-include_directories(${CMAKE_SOURCE_DIR}/inc)
+if (QUIC_TLS STREQUAL "mitls")
+    # Build Everest.
+    add_subdirectory(submodules/everest/msquic/msvc/kremlib)
+    add_subdirectory(submodules/everest/msquic/msvc/evercrypt)
+    add_subdirectory(submodules/everest/msquic/msvc/mitls)
+    add_subdirectory(submodules/everest/msquic/msvc/quiccrypto)
+endif()
 
 # Product code
 add_subdirectory(core)

azure-pipelines.yml

@@ -10,22 +10,32 @@ strategy:
       platform: 'Linux-Stub'
       imageName: 'ubuntu-latest'
       cmakeArgs: '-g ''Linux Makefiles'' -DQUIC_TLS=stub -DQUIC_ENABLE_LOGGING=off'
-      testCmd: 'bash ./.azure/run_linux.sh'
+      testCmd: 'bash ./.azure/test_linux.sh ''*'''
+    linux-stub-sanitize:
+      platform: 'Linux-Stub-Sanitize'
+      imageName: 'ubuntu-latest'
+      cmakeArgs: '-g ''Linux Makefiles'' -DQUIC_TLS=stub -DQUIC_ENABLE_LOGGING=off -DQUIC_SANITIZE_ADDRESS=on'
+      testCmd: 'bash ./.azure/test_linux.sh AppData/WithSendArgs2.SendLarge/0'
     linux-openssl:
       platform: 'Linux-OpenSSL'
       imageName: 'ubuntu-latest'
       cmakeArgs: '-g ''Linux Makefiles'' -DQUIC_TLS=openssl -DQUIC_ENABLE_LOGGING=off'
-      testCmd: 'bash ./.azure/run_linux.sh'
+      testCmd: 'bash ./.azure/test_linux.sh ''*'''
     windows-x64-stub:
       platform: 'Windows-x64-Stub'
       imageName: 'windows-latest'
       cmakeArgs: '-g ''Visual Studio 16 2019'' -A x64 -DQUIC_TLS=stub'
-      testCmd: '.\.azure\run_windows.cmd'
+      testCmd: '.\.azure\test_windows.cmd *'
+    windows-x64-mitls:
+      platform: 'Windows-x64-miTLS'
+      imageName: 'windows-latest'
+      cmakeArgs: '-g ''Visual Studio 16 2019'' -A x64 -DQUIC_TLS=mitls'
+      testCmd: '.\.azure\test_windows.cmd *'
     windows-x64-schannel:
       platform: 'Windows-x64-Schannel'
       imageName: 'windows-latest'
       cmakeArgs: '-g ''Visual Studio 16 2019'' -A x64 -DQUIC_TLS=schannel'
-      testCmd: 'echo Not supported yet'
+      testCmd: '.\.azure\test_windows.cmd ParameterValidation.*'
 
 pool:
   vmImage: $(imageName)

docs/BUILD.md

@@ -44,7 +44,7 @@ reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\S
 - To decode the `quic.etl` file, run **TODO**
 
 ## Building on Linux (or [WSL](https://docs.microsoft.com/en-us/windows/wsl/wsl2-install))
-- Install tooling (WSL2 or Ubuntu)
+- Install tooling
     - `sudo apt-get install cmake`
     - `sudo apt-get install build-essentials`
 - Run `mkdir bld && cd bld`

inc/quic_trace.h

@@ -374,9 +374,8 @@ QuicSysLogWrite(
     QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_ERROR, "[ tls][%p] ERROR, %s", Connection, ErrStr)
 #define EventWriteQuicTlsErrorStatus(Connection, Status, ErrStr) \
     QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_ERROR, "[ tls][%p] ERROR, %u, %s", Connection, Status, ErrStr)
-
-#define EventWriteMiTLSTrace(Message) \
-    QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_ERROR, "[mitls] %s", Message)
+#define EventWriteQuicTlsMessage(Connection, Message) \
+    QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_VERBOSE, "[ tls][%p] %s", Connection, Message)
 
 #define EventWriteQuicDatapathSendTo(Binding, TotalSize, BufferCount, SegmentSize, RemoteAddrLen, RemoteAddr) \
     QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_VERBOSE, "[ udp][%p] Send %u bytes in %u buffers (segment=%u) Dst=TODO", Binding, TotalSize, BufferCount, SegmentSize)

manifest/MsQuicEtw.man

@@ -732,6 +732,16 @@
                 name="Connection"
                 />
           </template>
+          <template tid="tid_CONN_MESSAGE">
+            <data
+                inType="win:Pointer"
+                name="Connection"
+                />
+            <data
+                inType="win:AnsiString"
+                name="Message"
+                />
+          </template>
           <template tid="tid_CONN_UINT32">
             <data
                 inType="win:Pointer"
@@ -2539,11 +2549,11 @@
           <event
               keywords="ut:TLS"
               level="win:Verbose"
-              message="$(string.Etw.miTLS)"
+              message="$(string.Etw.TlsMessage)"
               opcode="win:Info"
-              symbol="MiTLSTrace"
-              template="tid_MESSAGE"
-              value="9215"
+              symbol="QuicTlsMessage"
+              template="tid_CONN_MESSAGE"
+              value="8194"
               />
           <!-- 9216 - 10239 | Datapath Events -->
           <event
@@ -3093,8 +3103,8 @@
             value="[ tls][%1] ERROR, %2, %3."
             />
         <string
-            id="Etw.miTLS"
-            value="[mitls] %1"
+            id="Etw.TlsMessage"
+            value="[ tls] %1"
             />
         <string
             id="Etw.DatapathSendTo"

platform/CMakeLists.txt

@@ -28,6 +28,7 @@ elseif(QUIC_TLS STREQUAL "openssl")
 elseif(QUIC_TLS STREQUAL "mitls")
     message(STATUS "Configuring for miTLS")
     set(SOURCES ${SOURCES} cert_capi.c selfsign_capi.c tls_mitls.c)
+    include_directories(${CMAKE_SOURCE_DIR}/submodules/everest/msquic/msvc/include)
 else()
     message(STATUS "Configuring for stub TLS")
     set(SOURCES ${SOURCES} cert_stub.c selfsign_stub.c tls_stub.c)
@@ -46,4 +47,6 @@ if(QUIC_TLS STREQUAL "openssl")
     target_link_libraries(platform
         ${CMAKE_SOURCE_DIR}/bld/openssl/lib/libcrypto.so
         ${CMAKE_SOURCE_DIR}/bld/openssl/lib/libssl.so)
+elseif(QUIC_TLS STREQUAL "mitls")
+    target_link_libraries(platform kremlib evercrypt mitls quiccrypto)
 endif()

platform/platform_internal.h

@@ -53,6 +53,9 @@ typedef struct QUIC_PLATFORM {
 #include <ws2tcpip.h>
 #include <mswsock.h>
 #include <mstcpip.h>
+#if DBG
+#include <crtdbg.h>
+#endif
 
 #define QUIC_BASE_REG_PATH "System\\CurrentControlSet\\Services\\MsQuic\\Parameters\\"
 

platform/tls_mitls.c

@@ -16,6 +16,7 @@
 #endif
 
 #define IS_WINDOWS 1
+#pragma warning(disable:4996) // Deprecated APIs
 #include <EverCrypt.h>
 #include <mitlsffi.h>
 
@@ -379,7 +380,8 @@ MiTlsTraceCallback(
     _In_z_ const char *Msg
     )
 {
-    EventWriteMiTLSTrace(Msg);
+    // TODO - Save connection in thread-local storage and retrieve it?
+    EventWriteQuicTlsMessage(NULL, Msg);
 }
 
 QUIC_STATUS
@@ -1899,13 +1901,13 @@ typedef struct QUIC_HP_KEY {
     };
 } QUIC_HP_KEY;
 
-Spec_Hash_Helpers_hash_alg
+Spec_Hash_Definitions_hash_alg
 HashTypeToEverCrypt(
     QUIC_HASH_TYPE Type
 ) {
     return
-        (Spec_Hash_Helpers_hash_alg)
-            (Spec_Hash_Helpers_SHA2_256 + Type);
+        (Spec_Hash_Definitions_hash_alg)
+            (Spec_Hash_Definitions_SHA2_256 + Type);
 }
 
 #ifdef QUIC_TEST_MODE
@@ -2532,7 +2534,7 @@ QuicEncrypt(
     } else if (Key->Aead == QUIC_AEAD_AES_256_GCM) {
         EverCrypt_aes256_gcm_encrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Buffer, PlainTextLength, Temp, Temp+PlainTextLength);
     } else if (Key->Aead == QUIC_AEAD_CHACHA20_POLY1305) {
-        EverCrypt_chacha20_poly1305_encrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Buffer, PlainTextLength, Temp, Temp+PlainTextLength);
+        EverCrypt_Chacha20Poly1305_aead_encrypt(Key->Key, (uint8_t*)Iv, AuthDataLength, (uint8_t*)AuthData, PlainTextLength, Buffer, Temp, Temp+PlainTextLength);
     } else {
         QUIC_FRE_ASSERT(FALSE);
         return QUIC_STATUS_NOT_SUPPORTED;
@@ -2570,7 +2572,7 @@ QuicDecrypt(
     } else if (Key->Aead == QUIC_AEAD_AES_256_GCM) {
         r = EverCrypt_aes256_gcm_decrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Temp, PlainTextLength, Buffer, Buffer+PlainTextLength);
     } else if (Key->Aead == QUIC_AEAD_CHACHA20_POLY1305) {
-        r = EverCrypt_chacha20_poly1305_decrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Temp, PlainTextLength, Buffer, Buffer+PlainTextLength);
+        r = EverCrypt_Chacha20Poly1305_aead_decrypt(Key->Key, (uint8_t*)Iv, AuthDataLength, (uint8_t*)AuthData, PlainTextLength, Temp, Buffer, Buffer+PlainTextLength);
     } else {
         QUIC_FRE_ASSERT(FALSE);
         return QUIC_STATUS_NOT_SUPPORTED;
@@ -2665,7 +2667,7 @@ QuicHpComputeMask(
         } else if (Key->Aead == QUIC_AEAD_CHACHA20_POLY1305) {
             uint8_t zero[5] = {0};
             uint32_t ctr = Cipher[0] + (Cipher[1] << 8) + (Cipher[2] << 16) + (Cipher[3] << 24);
-            EverCrypt_chacha20((uint8_t*)Key->case_chacha20, Cipher+4, ctr, zero, 5, Mask);
+            EverCrypt_Cipher_chacha20(5, Mask, Cipher+4, (uint8_t*)Key->case_chacha20, zero, ctr);
         } else {
             return QUIC_STATUS_NOT_SUPPORTED;
         }

test/MsQuicTests.h

@@ -35,7 +35,7 @@ void QuicTestValidateSession();
 void QuicTestValidateListener();
 void QuicTestValidateConnection();
 void QuicTestValidateStream(bool Connect);
-void QuicTestValidateServerSecConfig(bool KernelMode, void* CertContext, void* CertHashStore, char* Principal);
+void QuicTestValidateServerSecConfig(void* CertContext, QUIC_CERTIFICATE_HASH_STORE* CertHashStore, char* Principal);
 
 //
 // Event Validation Tests

test/bin/quic_gtest.cpp

@@ -144,8 +144,7 @@ TEST(ParameterValidation, ValidateServerSecConfig) {
     QUIC_CERTIFICATE_HASH_STORE CertHashStore = { QUIC_CERTIFICATE_HASH_STORE_FLAG_NONE };
     memcpy(CertHashStore.ShaHash, SelfSignedCertParams->Thumbprint, sizeof(CertHashStore.ShaHash));
     memcpy(CertHashStore.StoreName, "My", 2);
-    QuicTestValidateServerSecConfig(
-        false, SelfSignedCertParams->Certificate, &CertHashStore, "localhost");
+    QuicTestValidateServerSecConfig(SelfSignedCertParams->Certificate, &CertHashStore, "localhost");
 }
 #endif // _WIN32